On Wed, 15 Jan 2020 at 13:40, Matus UHLAR - fantomas <uh...@fantomas.sk> wrote: > > >> On Mon, Jan 13, 2020 at 06:25:27PM +0100, Simon B wrote: > >> > > > >> >Since upgrading to 2.11 yesterday (yes, I am on a path to move up > >> > > > >> >through debian versions), all mail coming in on > >> > > > >> >postfix/submission/smtpd is being rejected by the domain check > >> > > > >> >in that > >> > > > >> >file, even though the user is sasl authenticated. > > >On Mon, 13 Jan 2020 at 18:44, Viktor Dukhovni > ><postfix-us...@dukhovni.org> wrote: > >> Note, Postfix 2.11 (actually 2.10 IIRC) adds "smtpd_relay_restrictions", > >> which you don't override in the submission service definition: > > On 15.01.20 13:19, Simon B wrote: > >Cause and effect in one simple sentence - thanks Viktor! > > if you use debian, the default smtpd_relay_restrictions should contain: > > smtpd_relay_restrictions=permit_mynetworks permit_sasl_authenticated > defer_unauth_destination
That results in this Jan 15 13:32:53 mail postfix/smtpd[743]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 451 4.3.5 Server configuration error; > which is the default value. It's added in postfix postinst script. > > ...unless you have overridden it, in such case it contains what you put > there. > > >Now looks like this... > > > > 10 submission inet n - n - - smtpd > > 11 -o syslog_name=postfix/submission > > >Which seems to have solved the problem - or at least just kicked it > >down the road. Now there's a slightly different format of the error > >when receiving mail from the amavis filter... > > > >Jan 15 11:39:31 mail postfix/smtpd[31588]: connect from localhost[127.0.0.1] > >Jan 15 11:39:31 mail postfix/smtpd[31588]: NOQUEUE: reject: RCPT from > >localhost[127.0.0.1]: 554 5.7.1 <amavisd.example.net>: Helo command > >rejected: Host not found; from=<si...@example.net> to=< > >simo...@example.com> proto=ESMTP helo=<amavisd.example.net> > > note that this says "postfix/smtpd" and thus it's not related to master.cf > definition of submission above, then would say "postfix/submission/smtpd" Correct. The submission problem is now solved. The problem is now receiving mail back from amavis. > >Jan 15 11:39:31 mail amavisd-new[2303]: (02303-14) smtp resp to RCPT > >(pip) (<simo...@example.com>): 554 5.7.1 <amavisd.example.net>: Helo > >command rejected: Host not found > > >Despite the fact that I changed those receiver settings in master.cf to: > > > >118 #The amavis reciever > >119 127.0.0.1:10025 inet n - - - - smtpd > >120 -o content_filter= > >121 -o local_recipient_maps= > >122 -o relay_recipient_maps= > >123 -o smtpd_restriction_classes= > >124 -o smtpd_client_restrictions=permit_mynetworks,reject_plaintext_session > >125 -o smtpd_helo_restrictions=permit_mynetworks > >126 -o smtpd_sender_restrictions= > >127 -o smtpd_recipient_restrictions=permit_mynetworks,reject > >128 -o mynetworks=127.0.0.0/8 > >129 -o strict_rfc821_envelopes=yes > >130 -o > >receive_override_options=no_unknown_recipient_checks,no_header_body_checks > >131 -o smtp_bind_address=127.0.0.1 > > > >At the moment nothing is going through amavis in either direction, so > >that's a problem... > > are you sure amavis sends mail through port 10025? Hi Matus, Yes, very sure. if I turn on -v logging for that hop, I am concerned about these lines in the log. Jan 15 13:09:01 mail postfix/smtpd[466]: < localhost[127.0.0.1]: EHLO amavisd.localhost Jan 15 13:09:01 mail postfix/smtpd[466]: match_list_match: localhost: no match Jan 15 13:09:01 mail postfix/smtpd[466]: match_list_match: 127.0.0.1: no match and Jan 15 13:09:01 mail postfix/smtpd[466]: generic_checks: name=permit_mynetworks Jan 15 13:09:01 mail postfix/smtpd[466]: permit_mynetworks: localhost 127.0.0.1 Jan 15 13:09:01 mail postfix/smtpd[466]: match_hostname: localhost ~? 127.0.0.0/8 Jan 15 13:09:01 mail postfix/smtpd[466]: match_hostaddr: 127.0.0.1 ~? 127.0.0.0/8 Jan 15 13:09:01 mail postfix/smtpd[466]: match_list_match: permit_mynetworks: no match culminating in Jan 15 13:09:01 mail postfix/smtpd[466]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <amavisd.localhost>: Helo command rejected: Host not found; from=<si...@example.net> to=<simo...@example.com> proto=ESMTP helo=<amavisd.localhost> permit_mynetworks should be permitting that, not offering no match.